Vulnerabilities

Cisco Patches Critical Vulnerability in Secure Workload

Insufficient validation and authentication in the Secure Workload’s REST APIs provide remote attackers with Site Admin privileges.

Cisco patches

Cisco on Wednesday announced patches for a critical-severity vulnerability in Secure Workload that could allow attackers to access site resources with Site Admin privileges.

The flaw, tracked as CVE-2026-20223 (CVSS score of 10/10), exists due to insufficient validation and authentication in the REST API endpoints.

“An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint,” Cisco notes in its advisory.

Successful exploitation of the security defect allows an attacker to read sensitive information and modify configurations across tenant boundaries, with Site Admin privileges.

“This vulnerability affects Cisco Secure Workload Cluster Software on SaaS and on-prem deployments, regardless of device configuration. This vulnerability affects only internal REST APIs and does not affect the web-based management interface,” Cisco explains.

The weakness was addressed in Secure Workload versions 3.10.8.3 and 4.0.3.17. Cisco says it is not aware of this issue being exploited in the wild, but recommends that all users update their appliances to avoid future exposure.

Advertisement. Scroll to continue reading.

On Wednesday, the tech giant also released patches for three medium-severity vulnerabilities affecting the ThousandEyes Virtual Appliance, ThousandEyes Enterprise Agent, and Nexus 3000 and 9000 series switches.

The bugs could allow attackers to execute commands remotely with root privileges or as the node user, and to trigger BGP peer flaps, leading to a denial-of-service (DoS) condition.

None of these security defects appears to have been exploited in the wild, the company says. Additional information can be found on Cisco’s security advisories page.

Related: Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking

Related: Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days

Related: Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass

Related: Anthropic Silently Patches Claude Code Sandbox Bypass

Related Content

Vulnerabilities

CISA says threat actors are exploiting a recently patched SharePoint remote code execution vulnerability (CVE-2026-45659).

Vulnerabilities

The updates fix vulnerabilities in WebKit, the kernel, WebRTC, Web Extensions, and other components affecting iPhone, iPad, Mac, and Safari users.

Vulnerabilities

Fifteen of the newly patched flaws have been rated ‘critical’ and 67 have been rated ‘high severity’.

Vulnerabilities

The critical-severity defect allows unauthenticated attackers to take over the E-Business Suite’s Payments product.

Malware & Threats

The threat actor is focused on collecting credentials, SSH keys, cryptocurrency wallets, and development tooling.

ICS/OT

CISA has published an advisory to inform organizations about three vulnerabilities found by a researcher in Daktronics controllers.

Artificial Intelligence

AWS has patched the vulnerability and published its own advisory to inform customers about the potential impact. 

Application Security

It will provide the tools and channels to report, patch, and disclose open source software vulnerabilities.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version